https://bz.apache.org/bugzilla/show_bug.cgi?id=69717
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|---
https://bz.apache.org/bugzilla/show_bug.cgi?id=69717
--- Comment #2 from Jonas Verhofsté ---
Or config validation should fail when the param has a trailing slash?
It just silently not working and that not being documented anywhere is still a
regression caused by the fix for the CVE. :)
--
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=69717
--- Comment #1 from Remy Maucherat ---
Please read: "Moderate: Security constraint bypass for PreResources and
PostResources CVE-2025-49125" https://tomcat.apache.org/security-9.html
Stripping the trailing / in AbstractResourceSet.setWebAppMou
